SMU Community Chat
Crowe Expert: Don’t Be Complacent About Cybersecurity
Written by Tim Triplett
November 9, 2021
Ransomware is a growth industry, netting some $20 billion from victims in 2021. A ransomware attack can happen at any time, to any business large or small, with devastating consequences. “It’s not just the big Colonial Pipeline incidents you read in the news. It’s happening to smaller organizations as well. A lot of times it’s their controls that are the weakest,” said Crowe cybersecurity expert Michael Del Giudice during last Wednesday’s Steel Market Update Community Chat.
How do cybersecurity breaches occur? Hackers with criminal intent usually begin with reconnaissance as they gather online information about a potential target. Then they look for a point of entry, often taking advantage of an unsuspecting employee who may have a weak password or can be tricked into clicking on an infected email attachment. That’s the pivot point at which they gain entry and can search for other system vulnerabilities and install malware. They may look for ways to extract data that they could then sell or, in the case of ransomware, block the company’s access to its critical systems until they make a ransom payment.
Cybersecurity is about maintaining the confidentiality of sensitive information, assuring the integrity and accuracy of data, and making sure those assets are available when they are needed. “Ransomware targets that availability aspect. It prevents you from doing business,” Del Giudice said.
“Should you pay the ransom? I get that question a lot,” he added. “The FBI says no, but that’s an easy answer. I agree, if you don’t have to, don’t pay it. But there are a lot of variables. If you don’t have the backup to recover your data and your systems, it is sometimes hard to not pay. There are a lot of people paying.”
What can an organization do to protect itself? Quick action is critical, Del Giudice said. Employees need to be trained in security awareness and how to respond to suspicious activity. Workers who think they may have clicked on a nefarious email, for example, should not request IT support and wait two days for the tech to show up. They should unplug their workstation from the network immediately so a virus cannot propagate.
From an administrative standpoint, procedures should be put in place to back up data periodically and store it offline. Networks should be segmented to head off the spread of malware. Systems should be set up to monitor and log any suspicious activity. Outbound channels of communication should be monitored to prevent data exfiltration. Response to incidents should be rapid, by individuals with the right technical skills. Contracting with a third-party cybersecurity firm, and getting insurance coverage for related breaches, are also recommended measures.
“It’s the basic blocking and tackling, making sure you are using strong passwords, patching the system, updating technology. There is this basic attitude that if it isn’t broken, we don’t need to fix it. But missing patches and outdated technology put you at risk,” he warned.
Editor’s note: Don’t miss SMU’s next free Community Chat, which will feature trade attorney Lewis Leibowitz at 11 a.m. Wednesday, Nov. 17. Click here to register.
Tim Triplett
Read more from Tim TriplettLatest in SMU Community Chat
SMU Community Chat: Timna Tanners on ‘Trumplications’ for steel in 2025
Wolfe Research's Managing Director Timna Tanners discusses the 'Trumplications' for steel in the coming year in this week's SMU Community Chat.
SMU Community Chat replay now available
The latest SMU Community Chat webinar reply is now available on our website to all members. After logging in at steelmarketupdate.com, visit the community tab and look under the “previous webinars” section of the dropdown menu. All past Community Chat webinars are also available under that selection. If you need help accessing the webinar replay, or if your company […]
SMU Community Chat: Tomorrow at 11 am ET with Timna Tanners of Wolfe Research
Timna Tanners, managing director of equity research for Wolfe Research, will be the featured speaker on tomorrow’s SMU Community Chat. The webinar will be on Wednesday, Nov. 13, at 11 am ET. It’s free to attend. You can register here. Timna – who has coined Sheet Storm, Scrap Squeeze, and Galv Galore – is one of […]
SMU Community Chat: Nov. 13 at 11 am ET with Timna Tanners of Wolfe Research
Timna Tanners, managing director of equity research for Wolfe Research, will be the featured speaker on the next SMU Community Chat. The webinar will be on Wednesday, Nov. 13, at 11 am ET. It’s free to attend. You can register here. Timna – who has coined Sheet Storm, Scrap Squeeze, and Galv Galore – is one of the most popular guests on our Community Chats. Her insights and forecasts are always thought-provoking.
SMU Community Chat: Leibowitz talks trade, tariffs, and changing world order
Last week’s Community Chat with international trade attorney and regular SMU columnist Lewis Leibowitz was packed full of valuable perspectives on trade topics near and dear to the steel industry.